The government data reveals that cybercrime is a prevalent issue in the UK, with phishing attacks being the most common and disruptive form of security breach. Impersonation and malware attacks also pose significant threats to organizations. Hacking of online bank accounts and denial of service attacks are less frequent but highly disruptive. Ransomware attacks, although less frequent, have caused significant damage, as demonstrated by the WannaCry attack on the NHS. Unauthorized accessing of files or networks by staff or outsiders is relatively rare. Overall, organizations must prioritize cybersecurity measures to prevent these common forms of cyberattacks.
| Signal | Change | 10y horizon | Driving force |
|---|---|---|---|
| Common cyber threats are unsophisticated | Cyber threats becoming more complex | Increased sophistication of threats | Lack of awareness and training |
| Phishing attacks are common and disruptive | Increase in phishing attacks | More advanced and targeted phishing attacks | Human vulnerability and social engineering |
| Impersonation attacks are common and disruptive | Increase in impersonation attacks | Improved security measures and awareness | Limited legal consequences |
| Viruses, spyware, and malware are declining | Decrease in virus attacks | Improved security measures | Focus on more lucrative forms of attack |
| Hacking of online bank accounts is disruptive | Increase in disruption from hacked bank accounts | Improved security measures and detection | Financial gain and cyber-enabled fraud |
| Denial of service attacks are uncommon | Decrease in denial of service attacks | Continued decline in prevalence | High-profile incidents and publicity |
| Ransomware attacks are catastrophic | Increase in ransomware attacks | More frequent and sophisticated ransomware attacks | Financial gain and disruption |
| Insider threats are comparatively rare | Decrease in insider threats | Improved security measures and detection | Malicious intent and internal access |
| Unauthorised external access is rare | Decrease in external access | Improved security measures and detection | Improved defenses and easier attack methods |
| Unauthorised listening is negligible | Negligible change | Continued low prevalence | Lack of incentive and focus on other methods |